frog

93 exploits Active since May 2002
CVE-2003-1406 EXPLOITDB text WRITEUP
D-Forum 1.00-1.11 - Remote Code Execution via my_header or my_footer Parameter
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.
EIP-2026-105910 EXPLOITDB text WORKING POC
Clicky Web Pseudo-frames 1.0 - Remote File Inclusion
EIP-2026-105446 EXPLOITDB text WRITEUP
BES-CMS 0.4/0.5 - 'folder.php' File Inclusion
EIP-2026-105450 EXPLOITDB text WRITEUP
BES-CMS 0.4/0.5 - 'start.php' File Inclusion
EIP-2026-105449 EXPLOITDB text WRITEUP
BES-CMS 0.4/0.5 - 'message.php' File Inclusion
EIP-2026-105448 EXPLOITDB text WRITEUP
BES-CMS 0.4/0.5 - 'index.inc.php' File Inclusion
EIP-2026-105447 EXPLOITDB text WRITEUP
BES-CMS 0.4/0.5 - 'hacking.php' File Inclusion
CVE-2002-2200 EXPLOITDB text WRITEUP
Benjamin Lefevre Dobermann FORUM 0.5 - Code Injection
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.
EIP-2026-105445 EXPLOITDB text WRITEUP
BES-CMS 0.4/0.5 - '/members/index.inc.php' File Inclusion
CVE-2002-2200 EXPLOITDB text WORKING POC
Benjamin Lefevre Dobermann FORUM 0.5 - Code Injection
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.
CVE-2002-2200 EXPLOITDB text WORKING POC
Benjamin Lefevre Dobermann FORUM 0.5 - Code Injection
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.
CVE-2002-2200 EXPLOITDB text WRITEUP
Benjamin Lefevre Dobermann FORUM 0.5 - Code Injection
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.
CVE-2003-0752 EXPLOITDB text WRITEUP
AttilaPHP < 3.0 - SQL Injection via cook_id Parameter
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter.
EIP-2026-104636 EXPLOITDB text WRITEUP
Messagerie 1.0 - Arbitrary User Removal Denial of Service
EIP-2026-104954 EXPLOITDB text WORKING POC
ADManager 1.1 - Content Manipulation
CVE-2002-0733 EXPLOITDB text WRITEUP
thttpd <= 2.20 - Cross-Site Scripting via 404 Error Page
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
CVE-2002-1727 EXPLOITDB text WRITEUP
askSam Web Publisher 1 and 4 - Cross-Site Scripting via URL
Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL.
CVE-2002-2339 EXPLOITDB text WORKING POC
Script-Shed GuestBook 1.0 - Cross-Site Scripting via JavaScript URL in Image Tags
Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags.